|
81
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings in all versio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8991
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.2.0 …
New
|
CWE-89
SQL Injection
|
CVE-2026-8978
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8502
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in al…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7796
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7795
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to an…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7792
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_mor…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7665
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it …
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7566
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' param…
New
|
CWE-22
Path Traversal
|
CVE-2026-7565
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.2 |
HIGH
Network
|
-
|
-
|
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type,…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7537
|
2026-06-6 13:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
